Skip to Content
Author's profile photo Former Member

Wonder how Data Control Language (DCL) works with ABAP Core Data Services (CDS)?

Recently, I was playing with some of the ABAP CDS views and faced several challenges with authorizations. I do not see many documents online for CDS development as it is relatively new and therefore I have decided to write a blog, which I think, might benefit someone out there.

As you may already aware of, ABAP CDS views run on ABAP Layer and they are not restricted to SAP Hana (i.e. Database independent). ABAP CDS has its own authorization concept based on roles defined with DEFINE ROLE in a DCL source code.

Here is a basic CDS view with data category “dimension”

/wp-content/uploads/2016/09/1_1039740.jpg


When I run the CDS view above in Hana Studio, I observed that the query did not fetch the data for Cost Centers.  Why?


Every CDS view has its corresponding SQL View in SE11. In the above example, IFICostCenter is the DDL SQL view for DDL, I_CostCenter

Here is the easy way to find the package where these objects are defined,

Go to SE11 > Enter the view, IFICostCenter > Display

/wp-content/uploads/2016/09/2_1039741.jpg

You can find the package name here (highlighted above)

Now open Hana Studio and add the package to your Favorite Package folder,

/wp-content/uploads/2016/09/3_1039748.jpg

Once added to your Favorite package > expand Core Data Services and you would see the DDL source codes in Data Definitions folder and DCL sources in Access Controls folder.

/wp-content/uploads/2016/09/4_1039749.jpg

Here is an example of a DCL source for Cost Center CDS view

/wp-content/uploads/2016/09/5_1039750.jpg

Note: DDL and DCL names must be identical.

Authorization checks are done in DCL source. We should make sure that the authorization object, K_CSKS assigned to users in the back-end (In my case S/4Hana 1511)

Once the authorization object is granted to users, I started seeing the data for cost centers. Bingo!

Note: actvt is the action. In this case 03 – Display 

The annotation @AccessControl.authorizationCheck: #CHECK enforces the authorization check. Authorization check will be ignored if you use #NOT_REQUIRED or #NOT_ALLOWED

/wp-content/uploads/2016/09/6_1039763.jpg

Hope this helps



Assigned Tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Omer Savran
      Omer Savran

      thanks.. it is a nice blog

      Author's profile photo Gopinath Kolli
      Gopinath Kolli

      Looks Promising, have to try it out.

      Thanks for sharing.

      Author's profile photo Former Member
      Former Member

      HI,

      I have authorizations built,
      works perfect in Hana Studio. But when I run the CDS in SAP BO Lumira, SAP BO Analysis for Excel  does not check the authorizations, I can display the total data of the CDS.

      Should I consider something more so that the SAP BO tool takes into account the authorizations?

      Thanks

       

      Author's profile photo Former Member
      Former Member

      Which BW or ECC application and version/patch level is this available in?  You mentioned SE11, but do not clarify which application and version.